hi I can now reliably trigger the 8 exabyte issue. When I start a libvirt-lxc container, libvirts sets the memory limit.
This can be seen with: cat /sys/fs/cgroup/memory/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope/memory.limit_in_bytes 2147483648 If I now call systemctl daemon-reload on the host the memory limit jumpsĀ to 9223372036854771712 I can prevent this with by setting MaxMemory for the scope on the host: systemctl set-property --runtime "machine-lxc\x2d27166\x2dhost.domain.tld.scope" MemoryMax=2147483648 I need to know the pid used in the machine name and therefor can really only set it at runtime. However this isn't enough to prevent the 8 exabyte issue. For some reason when I do a systemctl daemon-reload on the host systemd also changes cgroup membership of some processes. Prior to reloading there were 3 processes directly in the machine-lxc...scope. A /usr/lib/libvirt/libvirt_lxc process, the /sbin/init process of the container and other process that I can't find in /proc/. Maybe a pid from within the container? After reloading only the /sbin/init process remains in the scope, the libvirt_lxc process gets kicked back to the libvirtd.service cgroup and the "ghost" task disappears. Befor reload: 11:blkio:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 10:freezer:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 9:perf_event:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 8:pids:/system.slice/libvirtd.service 7:cpu,cpuacct:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 6:rdma:/ 5:devices:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 4:memory:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 2:cpuset:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 1:name=systemd:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 0::/system.slice/libvirtd.service After reload: 11:blkio:/system.slice/libvirtd.service 10:freezer:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 9:perf_event:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 8:pids:/system.slice/libvirtd.service 7:cpu,cpuacct:/system.slice/libvirtd.service 6:rdma:/ 5:devices:/system.slice/libvirtd.service 4:memory:/system.slice/libvirtd.service 3:net_cls,net_prio:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 2:cpuset:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 1:name=systemd:/machine.slice/machine-lxc\x2d27166\x2dhost.domain.tld.scope 0::/system.slice/libvirtd.service
